VirtueMart 3.2.12 - Just a hotfix update

Compatible with Joomla 2.5 and Joomla 3, the new generation of the eCommerce solution VirtueMart is now available with many new easing features. Built with the experience of more than 10 years VirtueMart 3 provides you with a powerful and comprehensive eCommerce solution. We give you a flavour of the work we have done to provide you with one of the best open-source e-commerce solution around!

Unfortunately, we were a bit too fast with our security release, having found an error in the testing phase we created another small bug while we were fixing it.

VirtueMart usually sets the default Joomla frontend language as the shop language, it is this function that had an issue. Some multi-lingual shops failed to load products when the shop language was not explicitly set, or not by default in english.

We have tested this new fix and we do not see any bugs.

Finally, we dropped our dependency on SimplePie for RSS feeds and now use the JFeedFactory of Joomla to display the news and product feed on the dashboard.

A minor XXS vulnerability was present in versions prior to 3.2.6. It occurred when the features feeds and search were used together. It happened only for feed enabled, so administrators can also close the leak in earlier versions by disabling the feed functions. The URL creation of the feed function used an improper call for JRoute. So urlencoded js was executed. The problem is fixed now by using our getCurrentUrlBy function, which works with a whitelist for variable names and it urlencodes any value.